The introduction in the US Senate of the Cybersecurity Act of 2012 (S 3414) replaces the earlier Lieberman-Collins Cybersecurity Act (S 2105). It calls for a National Cybersecurity Council, chaired by the Secretary of Homeland Security.

If enacted, the bill would also address crucial privacy concerns, with the council working with the owners and operators of critical infrastructure to minimize cybersecurity risks.

The earlier bill drew fire from the ACLU and from private individuals, who questioned the role the Federal government would play: it would have made compliance with agency-enforced standards mandatory. In the new bill, those standards are voluntary.

The “toned-down” language of the new bill may help it pass, as support for the initial bill had been fading, especially among Republicans. It’s still not a done deal.

Within the bill's language, the certification programs run by government agencies remain an area of concern, and how much power the council would ultimately hold is an open question, as is whether a federal agency could end up regulating a critical infrastructure sector.

With regard to self-certification, will enforcement be "loose," as a PDF summary of the bill suggests? How much power federal officials will have remains to be seen.

blog sponsored by The Privacy Council


As stories of Apple's in-app purchase security problems continue, following the hack and resulting YouTube videos by Russian developer Alexey V. Borodin, questions about the adequacy of current transport-layer encryption and the cryptographic protocols behind it seem in order. If high-tech companies cannot keep supposedly secure information from being compromised, how can individuals assume their personally identifiable information (PII) is secure? It appears they cannot.

The Secure Sockets Layer (SSL), originated by Netscape, gives users a cryptographic protocol for communicating on the web; Transport Layer Security (TLS) is its standardized successor. Borodin did not break either protocol. His method has users install his certificates on the device and change its DNS settings, so that the app's purchase-verification traffic goes to his server instead of Apple's, where it receives a forged confirmation that the purchase was paid for. He then produced instructional videos, offered on YouTube, showing others how to do the same. Even after Apple blocked his IP address and had his initial video removed from YouTube, Borodin has continued his operation, using a server located outside Russia.

The immediate lesson is that an app cannot trust a verification answer just because it arrived over an encrypted connection; when the user controls the device's trust store and its DNS settings, that connection can end at an attacker. An upgrade to how apps and websites verify purchases seems obvious.

What implications are there for individuals?

Note: beyond your password, hackers seeking to steal an identity look for your date of birth, addresses and phone numbers, all of which are often readily available on the web. Change your passwords regularly, and protect other personally identifiable information by not sharing it openly on the global expressway of information.

 




While Apple continues to pursue the Russian hacker Alexey V. Borodin, known as ZonD80 on YouTube, the implications of in-app purchase theft continue to spread.

One consequence of these thefts is the effect on developers of free apps. Free-to-play apps still need funding; along with advertising, their developers depend heavily on revenue from in-app purchases.

Having someone like Borodin show iOS users, in instructional YouTube videos, how to "get around having to pay" for items by installing a pair of certificates and altering DNS settings does not only steal from Apple and its developers; it undermines the ability of developers to offer apps at no cost.

Apple was able to have Borodin's initial YouTube video removed, but another popped up. Apple blocked his IP address, making it harder for him to reach its servers, but he is now reportedly using a server located outside Russia.

As Borodin continues to steal from Apple and its developers, how safe are other "secure" websites? Can his methods be used to intercept other traffic? It is worth noting that the method needs the victim's cooperation: the certificates and the DNS change are installed on the user's own device, so it does not let a third party intercept traffic the user has not redirected themselves. Still, are bank accounts secure? In the wake of this ongoing threat, are any authorization and transaction procedures truly secure?
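The point made in this post and the previous one is that the trick does not break the encryption; it exploits apps that accept any "purchase confirmed" answer from whatever host their verification request reaches. The following is an added example written for this page, not Apple's code and not Borodin's. It puts the weak check beside a hardened one. The store's signature is modelled with HMAC-SHA256 over canonical JSON so that it runs with the Python standard library only; in reality the receipt is signed with the store's private key and the app (or, better, the developer's own server) verifies it against the store's public key. The keys, bundle and product identifiers and transaction IDs below are constructed.

```python
"""In-app purchase receipt validation: the weak check beside the hardened one.

Added example for this page; not Apple's code and not Borodin's. The user
has installed the attacker's certificate and pointed DNS at his server, so
the app's verification request reaches a rogue host whose TLS certificate
the device now trusts. Whatever that host answers is what the app sees.
"""
import hashlib
import hmac
import json

# Stand-ins for the store's signing key and the rogue server's key (assumed).
STORE_KEY = b"stand-in for the store's signing key"
ATTACKER_KEY = b"stand-in for the rogue server's key"


def _canonical(receipt):
    return json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()


def sign(receipt, key):
    """Models the store signature over the receipt (HMAC here, PKI in reality)."""
    return hmac.new(key, _canonical(receipt), hashlib.sha256).hexdigest()


def make_response(receipt, key):
    """What a verification endpoint sends back for a receipt."""
    return {"status": 0, "receipt": receipt, "signature": sign(receipt, key)}


# Constructed sample data.
APP_BUNDLE = "com.example.game"
GEMS = "com.example.game.gems100"

# The genuine store's answer for a real purchase.
GENUINE = make_response(
    {"bundle_id": APP_BUNDLE, "product_id": GEMS, "transaction_id": "1000000123456789"},
    STORE_KEY,
)

# The rogue server's answer: a generic receipt for some other app, signed
# with the attacker's key, and replayed unchanged to every victim.
ROGUE = make_response(
    {"bundle_id": "com.somebody.else", "product_id": "com.somebody.else.coins",
     "transaction_id": "1"},
    ATTACKER_KEY,
)


def weak_validate(resp):
    """Trusts the transport: any 'status 0' answer unlocks the item. With the
    attacker's certificate installed and DNS altered, the encrypted channel
    cannot tell the rogue server apart from the real one."""
    return resp.get("status") == 0


class ReceiptValidator:
    """Checks the answer itself rather than the channel it arrived on."""

    def __init__(self, bundle_id, store_key):
        self.bundle_id = bundle_id
        self.store_key = store_key
        self.granted = set()  # transaction IDs already consumed

    def validate(self, resp, expected_product):
        if resp.get("status") != 0:
            return False, "status"
        receipt = resp.get("receipt", {})
        # 1. The signature must verify against the pinned store key, so a
        #    receipt signed by anyone else is rejected regardless of origin.
        expected_sig = sign(receipt, self.store_key)
        if not hmac.compare_digest(expected_sig, str(resp.get("signature", ""))):
            return False, "signature"
        # 2. The receipt must be for this app and for the product being unlocked.
        if receipt.get("bundle_id") != self.bundle_id:
            return False, "bundle_id"
        if receipt.get("product_id") != expected_product:
            return False, "product_id"
        # 3. Each transaction may be consumed once; a replayed receipt fails here.
        tx = receipt.get("transaction_id")
        if not tx or tx in self.granted:
            return False, "replay"
        self.granted.add(tx)
        return True, "ok"
```

The signature check alone defeats the rogue server in this model; the bundle, product and transaction checks matter because a genuine receipt can still be reused, whether from another app or replayed within the same one, and those checks work even when the verification request is forwarded through the developer's own server, which is where the validation belongs.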




On Friday, a security consultant going by the name "Ray" shocked the audience at a hacker conference in New York City. Using nothing more than a 3-D printer, the German consultant produced cheap plastic copies of selected keys, which then unlocked handcuffs made by two European manufacturers.

Law enforcement agencies see this as a serious problem, since anyone with access to the digital blueprints apparently needs only a 3-D printer to make working copies of the keys.

Ray says he will further demonstrate the manufacturers' vulnerability by uploading the CAD files for the copied keys to a 3-D-printing web platform. Coming just before this week's annual lock-picking conference (LockCon), the demonstration is generating considerable buzz.

Do manufacturers and police agencies have a false sense of security? Are they being undermined? After this demonstration, probably not, but criminal minds appear to be a step or two ahead, as usual. Proper protocol must not be ignored, as the implications reach well beyond this one case.

 




With yesterday's announcement by Yahoo that 453,492 accounts had been compromised, security breaches are in the news again. Yahoo Contributor Network usernames and passwords for AOL, Gmail, BellSouth, Hotmail, MSN, Comcast, SBC Global and Yahoo accounts were posted online by a hacker group calling itself D33D. The group blames the breach on a "lack of security."

Yahoo and other news agencies have acknowledged that the compromised accounts belong to freelance writers. An old Yahoo file is being blamed; the D33D group claims to have used a "union-based SQL injection" to pull the log-ins and user accounts out of the database.
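To show what a union-based SQL injection actually does, here is an added example constructed for this page; it is not Yahoo's code and not D33D's payload. It assumes a public article search whose title filter is built by string formatting, sitting in the same database as a credentials table, and it uses Python's built-in sqlite3 module so it runs offline. The parameterised version beside it receives the same payload and returns nothing.

```python
"""Union-based SQL injection against a search page, beside the fix.

Added example for this page (constructed; not Yahoo's code or D33D's payload).
The schema, rows and page logic are assumptions.
"""
import sqlite3


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Budget travel', 'Pack light.'),
                                    (2, 'Garden pests', 'Use netting.');
        -- constructed sample credentials, stored in the clear
        INSERT INTO users VALUES (1, 'alice@example.com', 'hunter2'),
                                 (2, 'bob@example.net',   'letmein');
    """)
    return conn


def vulnerable_search(conn, title):
    """Builds the query by string formatting: user input becomes SQL."""
    sql = "SELECT title, body FROM articles WHERE title = '%s'" % title
    return conn.execute(sql).fetchall()


def safe_search(conn, title):
    """Parameterised query: the driver passes the value separately, so the
    same payload is treated as an article title nobody has."""
    sql = "SELECT title, body FROM articles WHERE title = ?"
    return conn.execute(sql, (title,)).fetchall()


def probe_column_count(conn, max_cols=16):
    """Attacker's first step: learn how many columns the SELECT returns,
    because a UNION must match that count. ORDER BY n raises an error as
    soon as n exceeds the number of columns."""
    for n in range(1, max_cols + 1):
        try:
            vulnerable_search(conn, "x' ORDER BY %d -- " % n)
        except sqlite3.OperationalError:
            return n - 1
    return None


# The union payload: x' closes the string literal, UNION SELECT appends rows
# from another table with the same column count, and -- comments out the
# closing quote the page appends after the input.
UNION_PAYLOAD = "x' UNION SELECT email, password FROM users -- "


def demo():
    conn = build_db()
    return {
        "columns": probe_column_count(conn),
        "vulnerable": vulnerable_search(conn, UNION_PAYLOAD),
        "safe": safe_search(conn, UNION_PAYLOAD),
    }
```

Two things made the real dump usable: the query took user input into the SQL text, and the credentials column was readable plaintext. Parameterised queries close the first; storing only a salted password hash means the second yields nothing directly reusable.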

You can check whether your name or account is on the list by going to Dazzlepod. If it is, change your password immediately.

Even if your name is not on any of these lists, it is a good idea to change your passwords periodically and to use strong ones (a mix of upper- and lower-case letters, numbers and symbols), with a different password for each account, since a dump like this one is quickly tried against other services.




With London already on elevated alert as the Summer Olympics approach, a terror alert occurred just a few hours ago. The Back Hill campus of Central Saint Martins (a London art school) in Clerkenwell was partially evacuated after a female student, identifying herself as Young Choo, was stopped by security officers. She was carrying a "suspect package" on her back, which turned out to be a bomb-like art installation attached to a backpack.

After it was determined not to be a bomb, a collective sigh of relief was followed by questions for Ms Choo. Her "art project" earned her a stern talking-to from the local police.

Needless to say, in today's environment it is not a good idea to walk around looking like a suicide bomber. Hoaxes put people in danger, and precious time and resources are wasted when individuals carry out this kind of stunt. The authorities already have their hands full dealing with malicious cyber attacks, actual state-sponsored terrorist threats and homicidal individuals.

London is preparing for every worst-case scenario. Military, government security agencies (including the FBI), police and private contractors have been working for months to ensure the Summer Olympics are as safe and secure as humanly possible.

Hopefully, with the Olympics and their serious security implications ahead, a lesson was learned today.




You may have recently heard about the FBI potentially cutting off your Internet access if your computer is infected with a certain piece of malware. News about what is called the Alureon virus or the DNSChanger bot has been widespread but hard to follow. The malware does not change your computer's IP address; it changes the DNS server settings, so that every time your computer looks up a web address, the answer comes from servers run by the criminals rather than by your Internet provider. It was created by a group in Estonia, who used it to redirect people to rogue websites to earn advertising dollars and to steal personal information. The FBI estimates roughly 250,000 computers are still infected, down significantly from a peak of around 5,000,000. The FBI is not shutting down anyone's computer: after the arrests, it obtained a court order to replace the rogue DNS servers with clean substitutes so that infected machines would keep working, and that order expires on July 9, 2012. When the substitute servers go offline, any computer still pointed at them will no longer be able to look up web addresses, which is the "shutdown" the news stories describe.

You don't need to be a computer geek to check whether your computer is infected. You also don't need to panic: the botnet has been taken down and the people behind it arrested.

You simply need to check. There are two steps:

1. Find the address your computer is using. Visit this website to see your IP address, displayed as a group of numbers separated by periods. The addresses that actually matter are those of the DNS servers your computer is configured to use, which are listed in your network settings (on Windows, the command "ipconfig /all" shows them under "DNS Servers"). Mine is displayed below.

[Screenshot: the address-check page showing the author's IP address]

2. Visit the FBI's official website, enter the address into the box provided and click "check dns". The FBI's form compares the address you enter against the ranges used by the rogue DNS servers. My DNS is clean, which means my computer does not have the virus.

[Screenshot: the FBI's DNS check page with the address entered]
If you find you have the virus, check for signs of identity theft as well. You may have unknowingly entered personal information into what was actually a copy of a popular website. If you are a victim, you can file a claim here.
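The same check can be done offline, without sending anything to a web form, by comparing the DNS server addresses in your network settings against the rogue resolver ranges listed in the FBI's DNSChanger notice. The script below is an added example written for this page, not the FBI's tool; the two configuration snippets it parses (a Linux/macOS resolv.conf and a Windows "ipconfig /all" extract) are constructed, and the ranges should be confirmed against the FBI notice before relying on them.

```python
"""Check whether a machine's configured resolvers fall in the DNSChanger ranges.

Added example for this page; not the FBI's tool. Parses resolver addresses
out of /etc/resolv.conf text or "ipconfig /all" output and tests each one
against the rogue resolver ranges published in the FBI's DNSChanger notice.
"""
import ipaddress
import re

# Rogue resolver ranges from the FBI's DNSChanger notice, written as CIDR blocks.
ROGUE_RANGES = [ipaddress.ip_network(c) for c in (
    "85.255.112.0/20",   # 85.255.112.0 through 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0 through 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0 through 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0 through 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0 through 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0 through 64.28.191.255
)]


def is_rogue(addr):
    """True if the address lies inside one of the rogue resolver ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ROGUE_RANGES)


def _looks_like_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def resolvers_from_resolv_conf(text):
    """'nameserver' lines from /etc/resolv.conf (Linux, macOS)."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


_IPCONFIG_DNS = re.compile(r"DNS Servers[ .]*:\s*(\S+)")


def resolvers_from_ipconfig(text):
    """'DNS Servers' entries from "ipconfig /all" output (Windows). The first
    address follows the label; any further ones are on indented lines that
    hold nothing but an address."""
    found = []
    collecting = False
    for line in text.splitlines():
        m = _IPCONFIG_DNS.search(line)
        if m:
            found.append(m.group(1))
            collecting = True
            continue
        stripped = line.strip()
        if collecting and stripped and _looks_like_ip(stripped):
            found.append(stripped)
        else:
            collecting = False
    return found


def check_resolvers(addresses):
    """Map each resolver address to True if it is a rogue DNSChanger server."""
    return {a: is_rogue(a) for a in addresses}


# Constructed sample configurations: one clean machine, one infected one.
SAMPLE_RESOLV_CONF = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n"

SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       93.188.161.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for label, found in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                         ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        for addr, rogue in check_resolvers(found).items():
            print(label, addr, "ROGUE" if rogue else "clean")
```

On a real machine, feed the function the contents of /etc/resolv.conf or the saved output of "ipconfig /all" instead of the sample strings. A resolver flagged as rogue means the machine's settings were changed by the malware; fixing the settings is not the same as removing it, so the machine still needs to be cleaned.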